Certbot "successful", but still don't have an ssl certificate

Makes sense.

So, you have two webservers installed:

  • Apache
  • lighttpd

They’re both configured to listen to port 80 - which isn’t going to work. Apache can’t start because lighttpd stole its port.

Do you know what you need lighttpd for? You probably only want one of the webservers at the end of the day.

I don’t think I’m using lighttpd for anything, so I can uninstall it, restart my system, and try the reinstall again.

Your current website at http://snreloaded.stream/ is being served by lighttpd.

Perhaps be a little careful if you intend to uninstall it - you don’t want to lose any of your work!

Odd, because when I first created the site I had to remove the default Apache page.

My web root is /var/www/html/, and I remember moving the default index.html over (I do have it on GitHub as well)

Total speculation, but perhaps your lighttpd configuration is also using /var/www/html to serve up your website?

If Apache dropped its default page in there when it was installed, it may have given the wrong impression that you were hosting using Apache.

Edit: Just checked, and the default document root on Ubuntu for lighttpd is indeed /var/www/html:

server.document-root        = "/var/www/html"

Do you happen to know what Ubuntu server uses by default? Because I started editing the HTML files on a fresh Ubuntu server install

Do you mean what webserver it uses by default? I’m not sure - there’s a lot of “flavors”. But we definitely know you’re using lighttpd right now because it’s revealed in a response header (last line):

$ curl -X GET -I http://snreloaded.stream/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Accept-Ranges: bytes
ETag: "837399829"
Last-Modified: Sat, 27 Apr 2019 09:54:38 GMT
Content-Length: 1815
Date: Wed, 15 Jan 2020 06:11:13 GMT
Server: lighttpd/1.4.45

Just restarted my server, can you try that command again?

Same result - lighttpd.

Huh. Interesting

My world has been changed, lol

So should I uninstall Apache then?

If you want, I guess?

The advantage with Certbot + Apache is that Certbot can automatically configure your Apache’s SSL for you.

With lighttpd, you’re (a little bit more) on your own.

Just for kicks, you can try stopping lighttpd and starting Apache in its place. For example:

sudo service lighttpd stop
sudo service apache2 start

and see if your website still works the same.

If it does, you could consider uninstalling lighttpd and keeping Apache instead!

Yea! The website still works, so I’ll just uninstall lighttpd

You’ll also want to make sure Apache starts on boot:

sudo systemctl enable apache2

and once you get rid of lighttpd, you can also retry the Certbot installation from before:

sudo certbot --apache

It says it succeeded! Hopefully it is working (once again)

Thank you for your help with diagnosing the issue!

One issue I just noticed is that it doesn’t seem to auto upgrade http to https, which is honestly what I would prefer for my site. Is there something I can manually change with my Apache install?

I think Certbot can do it for you, something like:

sudo certbot enhance -d snreloaded.stream --redirect

snreloaded@Machina:~$ sudo certbot enhance -d snreloaded.stream --redirect
[sudo] password for snreloaded:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator None, Installer apache

Which certificate would you like to use to enhance your configuration?

1: snreloaded.stream

Press 1 [enter] to confirm the selection (press 'c' to cancel): 1

Which domain names would you like to enable the selected enhancements for?

1: snreloaded.stream

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Enhancement redirect was already set.

Hmm. That’s weird. I wonder if you have duplicate virtual hosts.

What’s this show now:

sudo apachectl -t -D DUMP_VHOSTS

snreloaded@Machina:~$ sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 snreloaded.stream (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server Machina.mtu.edu (/etc/apache2/sites-enabled/000-default-le-ssl.conf:37)
port 80 namevhost Machina.mtu.edu (/etc/apache2/sites-enabled/000-default-le-ssl.conf:37)
port 80 namevhost Machina.mtu.edu (/etc/apache2/sites-enabled/000-default.conf:1)

I think the redirect is set up, but because there are two duplicate virtual hosts for the same hostname, the one without the redirect is taking effect.

sudo a2dissite 000-default
sudo service apache2 reload

(If that’s the wrong one, we can switch it around after).
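
A check for the duplicate-virtual-host situation diagnosed above, as an added example that is not part of the original thread: it parses apachectl -t -D DUMP_VHOSTS output and reports every hostname defined in more than one place on the same port. The sample input is the output quoted in the thread; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: the DUMP_VHOSTS output quoted in the thread above.
SAMPLE = """\
VirtualHost configuration:
*:443 snreloaded.stream (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server Machina.mtu.edu (/etc/apache2/sites-enabled/000-default-le-ssl.conf:37)
port 80 namevhost Machina.mtu.edu (/etc/apache2/sites-enabled/000-default-le-ssl.conf:37)
port 80 namevhost Machina.mtu.edu (/etc/apache2/sites-enabled/000-default.conf:1)
"""

# "port 80 namevhost NAME (file:line)" entries under a NameVirtualHost header.
NAMED = re.compile(r"^\s*port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)\s*$")
# "ADDR:PORT NAME (file:line)" entries for an address with a single vhost.
SINGLE = re.compile(r"^\s*\S+:(\d+)\s+(\S+)\s+\((.+):(\d+)\)\s*$")


def parse_vhosts(text):
    """Return {(port, server_name): [(conf_file, line_no), ...]} in listed order."""
    vhosts = defaultdict(list)
    for line in text.splitlines():
        # "default server ..." repeats a namevhost entry, so it is skipped
        # (it matches neither pattern), as are headers and alias lines.
        m = NAMED.match(line) or SINGLE.match(line)
        if not m:
            continue
        port, name, path, lineno = m.groups()
        entry = (path, int(lineno))
        if entry not in vhosts[(int(port), name)]:
            vhosts[(int(port), name)].append(entry)
    return dict(vhosts)


def find_duplicates(vhosts):
    """Keep only (port, name) pairs that are defined in more than one place."""
    return {key: defs for key, defs in vhosts.items() if len(defs) > 1}


if __name__ == "__main__":
    for (port, name), defs in find_duplicates(parse_vhosts(SAMPLE)).items():
        print(f"{name} is defined {len(defs)} times on port {port}:")
        for path, lineno in defs:
            print(f"  {path}:{lineno}")
```

On a live system, pipe the real command output into parse_vhosts instead of SAMPLE; an empty result from find_duplicates means no hostname is claimed twice on the same port.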